Apache HTTP Header - Security and Understanding

Everything concerning Apache can be discussed here.

Post by real_computernoobs » 31. March 2022 19:37

I have now read through the handbook of Apache and tips in online forums. But unfortunately I don't understand it at all.

https://httpd.apache.org/docs/current/mod/mod_headers.html
The optional argument condition determines which internal table of response headers this directive works with: onsuccess (default, can be omitted) or always. The difference between the two lists is that the headers contained in the latter are added to the response even in case of error, and persist across internal redirections (e.g. ErrorDocument handler). Also note that repeating this directive with both conditions is useful in some scenarios because always is not a superset of onsuccess with respect to existing headers:

You are adding a header to a locally generated non-success response (not 2xx), such as a redirect. In this case, only the table corresponding to always is used in the final response.

You modify or remove a header generated by a CGI script or by mod_proxy_fcgi. In this case, the headers of the CGI script are in the table that corresponds to always, not in the default table.

You are changing or removing a header that was generated by part of the server, but that header is not found by the default onsuccess condition.

Currently I have in my .htaccess among others the following

Code:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"


Now Apache tells me that "always" refers to other tables. Namely also to erroneous requests or outputs, as it happens with errors in the range Error 5xx.

I just don't understand this at all, the internet is full of chaos. Maybe we can clarify this here and clear up the myths.

Wouldn't it be more intelligent to write the following in the .htaccess

Code:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"


and additionally

Code:
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"


Currently I have for all entries of the header the specification

Code:
always


Can someone please explain this to me clearly for a noob? Thanks ☺

PS: Please no hate. The server is maintained by a company (firewall, security, etc.), but I am responsible for setting up the .htaccess file myself.
real_computernoobs
 
Posts: 1
Joined: 31. March 2022 19:35
XAMPP version: 8.1.4
Operating System: Ubuntu

Re: Apache HTTP Header - Security and Understanding

Post by Nobbie » 31. March 2022 21:59

real_computernoobs wrote: Can someone please explain this to me clearly for a noob? Thanks ☺


I don't think so. It requires a deep insight into the HTTP protocol and how HTTP works. As you stated, you are "a noob". That's not a problem at all and of course, you can work hard on it. But we cannot simply explain how HTTP works within a few words. Do you think you can build a plasma TV when someone clearly explains how it works? No.

Sorry, we cannot replace the need of taking lots (really lots) of time to learn about HTTP and about Apache configuration. That's a huge terrain and it takes lots of reading and learning in order to know how things work. It's really totally impossible to clarify in a few words how Apache deals with HTTP headers. That is insane.

Actually, I would simply recommend deleting that .htaccess. As long as you have no idea what is happening there, there is no way to use it. Even I don't know what it does and I have been in Apache for more than 10 years now. Of course I can read the documentation and of course, I have a good chance to understand the meaning of all of that. But why should I? If you don't understand it, you don't need it.
Nobbie
 
Posts: 13179
Joined: 09. March 2008 13:04
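
Added example, not part of either post: one way to see what a given .htaccess variant really sends is to capture the response headers of a normal page, a redirect and an error page (for instance with curl -sI) and audit each one for Strict-Transport-Security. The function names and the sample responses below are made up for this example.

```python
# Constructed sample responses (hypothetical, in the shape `curl -sI` prints them).
SAMPLES = {
    "ok": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\n\r\n",
    # Error page without the header: the case the quoted documentation describes
    # for a header that exists only in the onsuccess table.
    "error": "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n",
    "redirect": "HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.org/\r\n"
                "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n",
    # Same header present twice in one response.
    "twice": "HTTP/2 200\r\n"
             "strict-transport-security: max-age=31536000; includeSubDomains; preload\r\n"
             "strict-transport-security: max-age=31536000; includeSubDomains; preload\r\n\r\n",
    # Trailing junk after max-age makes the value unparsable as a number.
    "broken": "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000.\r\n\r\n",
}

def parse_response(raw):
    """Return (status_code, [(lowercased_name, value), ...]) for one header block."""
    lines = [line for line in raw.splitlines() if line.strip()]
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def parse_hsts(value):
    """Split an HSTS value into {directive: argument}, directive names lowercased."""
    directives = {}
    for part in value.split(";"):
        key, _, arg = part.strip().partition("=")
        if key:
            directives[key.strip().lower()] = arg.strip().strip('"')
    return directives

def audit(raw):
    """Return (status_code, findings); an empty findings list means the header is fine."""
    status, headers = parse_response(raw)
    values = [v for n, v in headers if n == "strict-transport-security"]
    if not values:
        return status, ["missing"]
    findings = ["duplicate"] if len(values) > 1 else []
    if not parse_hsts(values[0]).get("max-age", "").isdigit():
        findings.append("bad max-age")
    return status, findings

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, *audit(raw))
```

Run it against the real header output of a 2xx page, a redirect and an ErrorDocument page after each .htaccess change; "missing" on the error page or redirect means the header is not being set under the always condition.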

